Vulnerability CVE-2018-1000515


Published: 2018-06-26

Description:
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..

Type:

CWE-611

(Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
News-articles project -> News-articles 

 References:
https://drive.google.com/drive/folders/1P7djpYX8VQ0oplhOCMFNdKQByCcw2ncU?usp=sharing

Copyright 2024, cxsecurity.com

 

Back to Top